As computers have become more widely used and more pervasively networked, information, privacy, and financial losses, due to information security breaches, have dramatically increased as well.
Many advances have been made in recent years in the field of computer information security. Most of these security countermeasures technologies employed computer software to identify authorized users of a system, protect against virus infection, encrypt/decrypt data streams, prevent unauthorized registration and/or use of pirated software applications, or block malicious or surreptitious communications originating from a particular source. Nevertheless, unauthorized access to a particular computer system may often be obtained by exploiting various security flaws present in the program code of the countermeasure software itself. Additionally, unauthorized access may also occur with the theft of information or with reverse engineering of the code or data or the system to which the data relates.
Also, in the current computing world, if an exploit is found, it usually becomes available on any system, meaning that if an attacker breaks in into one system, the attacker can break into all systems of the same type, (i.e., breaking into one leads to breaking into all).
There are many threats to computing architectures directed to attack various functionalities (e.g., applications, processes, etc.) and/or resources (e.g., memory, network, processor, peripherals and the like). One example of family types of attacks trying to exploit the memory of the system is the memory corruption attack, also known as the zero days attack.
Memory corruption occurs in a computer program when the contents of memory pointers are modified due to programmatic behavior that exceeds the intention of the original programmer or program/language constructs. This is termed violating memory safety. When the corrupted memory contents are used later in that program, it leads either to a program crash or to unintended strange and bizarre program behavior, from the program programmer's or designer's perspective.
An attacker can execute a memory corruption attack by attacking the CPU's memory structure (e.g., stack, heap, text code, shared libs), causing a buffer overflow, exploiting the memory using return oriented programming (ROP), JIT-ROP, Blind-ROP and other memory corruption types of exploits, and building and triggering exploits by searching for gadgets in the memory or program code. Typically, CPU architectures are not designed with security features to protect their cores and memory. Alternatively, the security features may be mitigated by the attackers. Any security software (e.g., anti-virus system) can run after the CPU has restarted, thus, such software may not be able to protect against, at least, memory corruption attacks.
It would be, therefore, advantageous to provide a solution that would overcome the deficiencies noted above.